DOCSLIB.ORG

Mach 3 Kernel Principles

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Mach 3 Kernel Principles Mach 3 Kernel Principles Open Software Foundation and Carnegie Mellon University Keith Loepere O S F NORMA-MK12: July 15, 1992 This book is in the Open Software Foundation Mach 3 series. Books in the OSF Mach 3 series: Mach 3 Kernel Principles Mach 3 Kernel Interfaces Mach 3 Server Writer’s Guide Mach 3 Server Writer’s Interfaces Revision History: Revision 2 MK67: January 7, 1992 OSF Mach release Revision 2.2 NORMA-MK12: July 15, 1992 Change bars indicate changes since MK67. Copyright© 1991 by the Open Software Foundation and Carnegie Mellon University. All rights reserved. Contents CHAPTER 1 Introduction . 1 Kernel Abstractions . 2 Structure of this Document . 5 CHAPTER 2 Architectural Model. 7 Elements. 7 Threads. 10 Tasks . 10 Ports . 11 Messages . 11 Message Queues. 12 Port Rights . 12 Port Name Space . 12 Port Sets . 13 Virtual Address Spaces . 13 Abstract Memory Objects . 14 Memory Cache Objects . 15 Processors . 15 Processor Sets . 15 Nodes . 16 Hosts . 16 Devices. 16 Events. 17 CHAPTER 3 Threads and Tasks . 19 Threads. 19 Tasks . 24 CHAPTER 4 Ports, Rights and Messages. 27 Ports . 27 Messages . 29 Message Queues. 30 Port Rights . 30 Port Name Space . 32 Port Sets . 34 Message Transmission . 35 Mach 3 Kernel Principles iii CHAPTER 5 Virtual Memory Management . 37 Virtual Address Spaces . 37 Memory Objects. 40 CHAPTER 6 Physical Resource Management . 55 Physical Memory . 55 Processors . 56 Processor Sets . 57 Nodes . 59 Hosts . 60 Devices. 61 Access to Privileged Ports . 64 iv Mach 3 Kernel Principles CHAPTER 1 Introduction This book documents the user visible architecture of the Mach 3 kernel. It is assumed that the reader is familiar with the basic ideas of Mach as are found in: Mike Accetta, Robert Baron, William Bolosky, David Golub, Richard Rashid, Avadis Tevanian, Michael Young, “Mach: A New Kernel Foundation for UNIX Development,” in Proceedings of the Summer 1986 USENIX Conference, Atlan- ta, GA. The notion of operating system functionality provided via a Mach user space server can be found in: David Golub, Randall Dean, Alessandro Forin, Richard Rashid, “UNIX as an Application Program,” in Proceedings of the Summer 1990 USENIX Confer- ence, Anaheim, CA. Mach was originally developed as a variant of BSD that provided users with enhanced memory management, multiple points of control (threads) and an extensive process (task) to process communication facility (IPC). The goals of Mach include: • Exploiting parallelism in both operating system and user applications. • Supporting large, potentially sparse address spaces with flexible memory sharing. • Allowing transparent network resource access. • Compatibility with existing software environments (BSD). • Portability. The Mach 3 kernel is a kernel that provides only the Mach related features, along with any features needed to provide support for higher system layers. As such, the kernel no longer provides BSD functionality; indeed, it does not provide the functionality of any Mach 3 Kernel Principles 1 Introduction traditional operating system. Instead, it provides the base upon which operating systems can be built. The Mach kernel subscribes to the philosophy of: • A simple, extensible communication kernel. • An object basis with communication channels as object references. • A client / server programming model, using synchronous and asynchronous inter-pro- cess communication. • User mode tasks performing many traditional operating system functions (e.g. file sys- tem, network access). The fundamental idea is that of a simple, extensible communication kernel. It is a goal of the Mach project to move more and more functionality out of the kernel, until everything is done by user mode tasks communicating via the kernel. Of course, even in the ex- treme, the kernel must provide other support besides task to task communication, in par- ticular: • Management of points of control (threads). • Resource assignment (tasks). • Support of address spaces for tasks. • Management of physical resources (physical memory, processors, device channels). Even here, though, the goal is to move functionality outside the kernel. User mode tasks implement the policies regarding resource usage; the kernel simply provides mechanisms to enforce those policies. Kernel Abstractions Although it is a goal of the Mach kernel to minimize abstractions provided by the kernel, it is not a goal to be minimal in the semantics associated with those abstractions. As such, each of the abstractions provided has a rich set of semantics associated with it, and a complex set of interactions with the other abstractions. Although this makes it difficult to identify key ideas, the main kernel abstractions are considered to be the following: • Task — The unit of resource allocation: large address space, port rights. • Thread — The unit of CPU utilization, lightweight (low overhead). • Port — Communication channel, accessible only via send / receive capabilities (rights). • Message — Typed collection of data objects. • Memory object — Internal unit of memory management. The kernel provides some memory management, of course. Memory is associated with tasks. Memory objects are the means by which tasks take control over memory manage- ment. 2 Mach 3 Kernel Principles Kernel Abstractions Tasks and Threads The Mach kernel does not provide the traditional notion of the process. This is for two main reasons: • Any given operating system environment has considerable semantics associated with a process (such as user ID, signal state, etc.). It is not the purpose of the Mach kernel to understand or provide these extended semantics. • Many systems (BSD, for example) equate a process with an execution point of con- trol. Some systems (AOS, for example) do not. Mach wishes to support multiple points of control in a way separate from any given operating system environment’s no- tion of process. Instead, Mach provides two notions: the task and the thread. A thread is Mach’s notion of the point of control. A task exists to provide resources for its containing threads. This split is made to provide for parallelism and resource sharing. A thread: • Is a point of control flow in a task. • Has access to all of the elements of the containing task. • Potentially executes in parallel with other threads, even threads within the same task. • Has minimal state for low overhead. A task: • Is a collection of system resources. These resources, with the exception of the address space, are referenced by ports. These resources may be shared with other tasks if rights to the ports are so distributed. • Provides a large, potentially sparse address space, referenced by machine address. Portions of this space may be shared through inheritance or external memory manage- ment. • Contains some number of threads. Note that a task has no life of its own; only threads execute instructions. When it is said “a task Y does X” what is really meant is that “a thread contained within task Y does X”. A task is a fairly expensive entity. It exists to be a collection of resources. All of the threads in a task share everything. Two tasks share nothing without explicit action (al- though the action is often simple) and some resources cannot be shared between two tasks at all (such as port receive rights). A thread is a fairly light-weight entity. It is fairly cheap to create and has low overhead to operate. This is true because a thread has little state (mostly its register state); its owning task bears the burden of resource management. On a multiprocessor it is possible for mul- tiple threads in a task to execute in parallel. Even when parallelism is not the goal, multi- ple threads have an advantage in that each thread can use a synchronous programming style, instead of attempting asynchronous programming with a single thread attempting to provide multiple services. Mach 3 Kernel Principles 3 Introduction Memory Management The Mach kernel provides the mechanisms to support large, potentially sparse virtual ad- dress spaces. Each task has an associated address map (maintained by the kernel) which controls the translation of virtual address in the task’s address space into physical ad- dresses. As is true in virtual memory systems, the contents of the entire address space of any given task is most likely not completely resident in physical memory at any given time, and mechanisms must exist to use physical memory as a cache for the virtual ad- dress spaces of tasks. Unlike traditional virtual memory designs, the Mach kernel does not implement all of this caching itself; it endeavors to allow user mode tasks the ability to participate in these mechanisms. Unlike all other resources in the Mach system, virtual memory is not referenced via ports. Memory can be referenced only by using virtual addresses as indices into a particu- lar task’s address space. The memory (and the associated address map) that defines a task’s address space can be partially shared with other tasks. A task can allocate new ranges of memory within its address space, de-allocate them, and change protections on them. It can also specify inheritance properties for the ranges. A new task is created by specifying an existing task as a base from which to construct the address space for the new task. The inheritance attribute of each range of the memory of the existing task determines whether the new task has that range defined and whether that range is virtually copied or shared with the existing task. Within Mach, most virtual copy operations for memory are actually achieved through copy-on-write optimizations. A copy-on-write optimization is accomplished by not di- rectly copying the range, but by protected sharing. The two tasks both share the memory to be copied, but with read-only access. When either task attempts to modify a portion of the range, that portion is copied at that time. This lazy evaluation of memory copies is an important performance optimization performed by the Mach kernel, and important to the communication / memory philosophy of Mach.
Load more

Recommended publications
  • Moving FLASK to BSD Systems
    MovingMoving FLASKFLASK toto BSDBSD SSystemsystems SELinux Symposium 2006 Chris Vance Information Systems Security Operation, SPARTA, Inc. Vance_20060301_01 Overview • Security Frameworks • A Brief History • SELinux Inspired… – Security Enhanced BSD – Security Enhanced Darwin Vance_20060301_02 Security Frameworks • Traditional UNIX security isn’t enough – OS hardening – Mandatory protection – Flexible, manageable, scalable protection • Support required in the operating system for new security services – Costs of locally maintaining security extensions are high – Framework offers extensibility so that policies may be enhanced without changing the base operating system • There does not appear to be one perfect security model or policy – Sites may have different security/performance trade-offs – Sites may have special local requirements – Vendors unlikely to adopt a single policy • Bottom Line: Frameworks for Linux, FreeBSD, Darwin Vance_20060301_03 How We Got Here… Vance_20060301_04 Focus and Reuse • Don’t “reinvent” security – Learn from the past – The research is often decades old – A good design is durable, doesn’t require constant change – FLASK hasn’t changed much recently, what’s that mean? • Leverage existing technology, focus on “new” issues – Focus on improving operating system security – Spend the time to get Frameworks correct – Work with vendor for acceptance – Develop rule sets that work – Develop effective tools to manage policy • Do innovate – Don’t stop thinking! – Don’t squash new ideas – Re-factor old ideas Vance_20060301_05
    [Show full text]
  • Operating System Structure
    Operating System Structure Joey Echeverria [email protected] modified by: Matthew Brewer [email protected] Nov 15, 2006 Carnegie Mellon University: 15-410 Fall 2006 Overview • Motivations • Kernel Structures – Monolithic Kernels ∗ Kernel Extensions – Open Systems – Microkernels – Exokernels – More Microkernels • Final Thoughts Carnegie Mellon University: 15-410 Fall 2006 1 Motivations • Operating systems have a hard job. • Operating systems are: – Hardware Multiplexers – Abstraction layers – Protection boundaries – Complicated Carnegie Mellon University: 15-410 Fall 2006 2 Motivations • Hardware Multiplexer – Each process sees a “computer” as if it were alone – Requires allocation and multiplexing of: ∗ Memory ∗ Disk ∗ CPU ∗ IO in general (network, graphics, keyboard etc.) • If OS is multiplexing it must also allocate – Priorities, Classes? - HARD problems!!! Carnegie Mellon University: 15-410 Fall 2006 3 Motivations • Abstraction Layer – Presents “simple”, “uniform” interface to hardware – Applications see a well defined interface (system calls) ∗ Block Device (hard drive, flash card, network mount, USB drive) ∗ CD drive (SCSI, IDE) ∗ tty (teletype, serial terminal, virtual terminal) ∗ filesystem (ext2-4, reiserfs, UFS, FFS, NFS, AFS, JFFS2, CRAMFS) ∗ network stack (TCP/IP abstraction) Carnegie Mellon University: 15-410 Fall 2006 4 Motivations • Protection Boundaries – Protect processes from each other – Protect crucial services (like the kernel) from process – Note: Everyone trusts the kernel • Complicated – See Project 3 :) – Full
    [Show full text]
  • Chapter 2 Operating System Structures
    Operating Systems Associate Prof. Yongkun Li 中科大-计算机学院 副教授 http://staff.ustc.edu.cn/~ykli Chapter 2 Operating System Structures 1 Objectives • Operating System Services – User Operating System Interface – System Calls • Operating System Structure • Operating System Design and Implementation • MISC: Debugging, Generation & System Boot 2 Operating System Services Services Overview, User Interface 3 Operating System Services • Operating systems provide – an environment for execution of programs and – services to programs and users • Services may differ from one OS to another • What are the common classes? – Convenience of the user – Efficiency of the system 4 Overview of Operating System Services 5 OS Services for Helping Users • User interface - Almost all operating systems have a user interface (UI). – Three forms • Command-Line (CLI) – Shell command • Batch – Shell script • Graphics User Interface (GUI) – Windows system 6 OS Services for Helping Users • Program execution – Load a program into memory – Run the program – End execution • either normally or • abnormally (indicating error) 7 OS Services for Helping Users • I/O operations - A running program may require I/O, which may involve a file or an I/O device – Common I/Os: read, write, etc. – Special functions: recording CD/DVD • Notes: Users usually cannot control I/O devices directly, so OS provides a mean to do I/O – Mainly for efficiency and protection 8 OS Services for Helping Users • File-system manipulation - The file system is of particular interest – OS provides a variety of file systems • Major services – read and write files and directories – create and delete files and directories – search for a given file – list file Information – permission management: allow/deny access 9 OS Services for Helping Users • Communications: information exchange between processes – Processes on the same computer – Processes between computers over a network • Implementations – Shared memory • Two or more processes read/write to a shared section of mem.
    [Show full text]
  • Darwin: Mac OS X's Core OS
    ADC April 2001 3/8/01 1:57 PM Page 1 Apple Developer Connection Direct Darwin: Mac OS X’s Core OS eneath Mac OS X’s user-friendly and attractive user interface, Most of the reference documents can be Aqua, and the application frameworks (Classic, Carbon and found in the /Developer/Documentation/ BCocoa) is Darwin: Mac OS X’s core OS. Unseen by users, Kernel directory on any Mac OS X system Darwin provides a strong yet flexible foundation with features like with the Mac OS X Developer Tools package preemptive multitasking, protected memory and real-time support installed. that make Mac OS X a truly modern operating system. The focus of this article is to provide a brief overview of Components of Darwin Darwin and its components as well as give an introduction to Just like in the old Reese’s Peanut Butter developing kernel extensions—modules that extend Darwin’s Cups commercials (“You’ve got chocolate in functionality. For more in-depth information, you should read my peanut butter… No, you’ve got peanut butter on my choco- Inside Mac OS X: Kernel Environment which is available, along late!”), Darwin blends a mixture of mature industry standard com- with other documents referred to in this article, on the Apple ponents such as Mach and BSD with Apple-engineered components Developer Connection (ADC) web site in the Mac OS X to provide Mac OS X with a stable, reliable and extensible founda- Documentation section: tion. Darwin consists of five main components: Mach, I/O Kit, File http://developer.apple.com/techpubs/macosx/macosx.html System, Networking and BSD.
    [Show full text]
  • Mach-O Internals
    Mach-O Internals William Woodru February 10, 2016 1 / 31 General Agenda 1. Who are you? 2. What is Mach-O? 3. An Extremely Brief History of Mach and Mach-O 4. Structure of a Mach-O File 5. Quirks Encountered 6. Concluding Notes 2 / 31 Who are you? My name is William Woodru. I'm a Computer Science major and Philosophy minor at the University of Maryland, College Park. Outside of school, I'm a member of the Homebrew project and a regular contributor to several open source groups. My work for Homebrew is largely concerned with the underlying system interface and reconciling OS X's intricacies/irregularities with the package manager. 3 / 31 What is Mach-O? Mach-O is the Mach Object binary format. Mach-O is used primarily by Apple in OS X and iOS. Apps on both platforms are really just directory trees containing Mach-O binaries and resources (fonts, icons, congurations). Metadata is stored in a number of places, but mainly within bundled plists (XML) and the binaries themselves. Like its cousins on Linux (ELF) and Windows (PE), Mach-O supports multiple object types: I Executable I Core dump I Shared library/object I Prelinked object le I etc. 4 / 31 . and multiple architectures: I m68k/m88k (yes, it's still supported!*) I x86 I AMD64 I POWER I ARMv6/7/8 Unlike ELF or PE, Mach-O has been extended to allow multi-architecture fat binaries. This has resulted in some interesting properties not shared by the other two. More on that later.
    [Show full text]
  • Evolving Mach 3.0 to a Migrating Thread Model
    Evolving Mach to a Migrating Thread Mo del Bryan Ford Jay Lepreau University of Utah Abstract Wehave mo died Mach to treat crossdomain remote pro cedure call RPC as a single entity instead of a sequence of message passing op erations With RPC thus elevated we improved the transfer of control during RPC bychanging the thread mo del Like most op erating systems Mach views threads as statically asso ciated with a single task with two threads involved in an RPC An alternate mo del is that of migrating threads in which during RPC a single thread abstraction moves b etween tasks with the logical owofcontrol and server co de is passively executed Wehave compatibly replaced Machs static threads with migrating threads in an attempt to isolate this asp ect of op erating system design and implementation The key elementof our design is a decoupling of the thread abstraction into the execution context and the schedulable thread of control consisting of a chain of contexts A key element of our implementation is that threads are now based in the kernel and temp orarily make excursions into tasks via up calls The new system provides more precisely dened semantics for thread manipulation and additional control op erations allows scheduling and accounting attributes to follow threads simplies kernel co de and improves RPC p erformance Wehave retained the old thread and IPC interfaces for backwards compatibility with no changes required to existing client programs and only a minimal change to servers as demonstrated by a functional Unix single server
    [Show full text]
  • Mach: a System Software Kernel Abstract
    Mach: A System Software Kernel Richard Rashid, Daniel Julin, Douglas Orr, Richard Sanzi, Robert Baron, Alessandro Forin, David Golub, Michael Jones Department of Computer Science Carnegie Mellon University Pittsburgh, Pennsylvania 15213 Abstract for a 16-bit uniprocessor. Under the weight of changing needs and technology, Unix has been modified to provide a The Mach operating system can be used as a system staggering number of different mechanisms for managing ob- software kernel which can support a variety of operating jects and resources. In addition to pipes, Unix versions now system environments. Key elements of the Mach design support facilities such as System V streams, 4.2BSD sockets, which allow it to efficiently support system software include pty's, various forms of semaphores, shared memory and a integrated virtual memory management and interprocess com- munication, multiple threads of control within one address mind-boggling array of ioctl operations on special files and space, support for transparent system trap callout and an ob- devices. The result has been scores of additional system calls ject programming facility integrated with the Mach IPC and options with less than uniform access to different mechanisms. Mach is currently available both from CMU resources within a single Unix system and within a network of and commercially on a wide range of uniprocessor and mul- tiprocessor hardware. Unix machines. The Mach operating system kernel developed at Carnegie 1. Introduction Mellon University [1] was designed to operate on both uniprocessors and multiprocessors and to provide a small set The operating system software problems faced by manufac- of basic facilities which would permit a wide variety of turers are often magnified by a need for compatibility be- operating system environments to be efficiently implemented.
    [Show full text]
  • 01.Answers Even.Osx
    1 Answers to Even-numbered Exercises 1. 2. What is the Free Software Foundation/GNU? BSD? Mach? Which parts of the Mac OS X operating system did each provide? The Free Software Foundation (www.fsf.org) is the principal organizational sponsor of the GNU Project. GNU developed many of the tools, including the C compiler, that are part of Mac OS X. BSD stands for Berkeley Software Distribution; it describes the code released by the University of California at Berkeley. Mach is an operating system kernel developed at CMU. Mac OS X uses some GNU tools, such as the GNU C compiler, and the bash shell, a lot of BSD tools and utilities, and the Mach kernel. 3. 4. How can you use utility programs and a shell to create your own applications? You can write a shell script, also called a shell program, or a batch file under DOS. A shell script is one or more command lines contained in a file. Make the file executable and give the name of the file as a command: The shell then executes the commands in the file as though you had typed each command individually. (You may need to give the command as ./command.) 5. 6. What is the difference between a multiprocessor and a multiprocessing system? Multiprocessor (having more than one processor) refers to a system with two or more processors or CPUs. Multiprocessing (supporting multiple processes) refers to a system that can process one or more tasks at a time. 1 2 Answers to Even-numbered Exercises 7. 8.
    [Show full text]
  • An Operating System
    Page 1 of 7 What is an Operating System 2.1 Examples: An operating system (OS) is software that manages computer hardware and software resources and provides common services for computer programs. The operating system is an essential component of the system software in a computer system. Application programs usually require an operating system to function. Unix and Unix-like operating systems Unix was originally written in assembly language.[6] Ken Thompson wrote B, mainly based on BCPL, based on his experience in the MULTICS project. B was replaced by C, and Unix, rewritten in C, developed into a large, complex family of inter-related operating systems which have been influential in every modern operating system (see History). The Unix-like family is a diverse group of operating systems, with several major sub-categories including System V, BSD, and Linux. The name "UNIX" is a trademark of The Open Group which licenses it for use with any operating system that has been shown to conform to their definitions. "UNIX-like" is commonly used to refer to the large set of operating systems which resemble the original UNIX. Unix-like systems run on a wide variety of computer architectures. They are used heavily for servers in business, as well as workstations in academic and engineering environments. Free UNIX variants, such as Linux and BSD, are popular in these areas. Four operating systems are certified by The Open Group (holder of the Unix trademark) as Unix. HP's HP-UX and IBM's AIX are both descendants of the original System V Unix and are designed to run only on their respective vendor's hardware.
    [Show full text]
  • Operating Systems, 1997., the Sixth Work
    Experience with the Development of a Microkernel-Based, Multiserver Operating System Freeman L. Rawson I11 IBM Austin Abstract and feel” of any operating system in the set while maintaining a single system image that shared as much code as possible among the During the first half the 1990s IBM developed a set . of of personalities operating system products called Worhplace OS that was bused . that offered full compatibility with all of the operating on the Mach 3.0 microkernel and Taligent’s object-oriented systems in the set and with DOSlWindows 3.1 TalOS. These products were intended to be scalable, portable + which offered the choice of a fully object-oriented and capable of concurrently running multiple operating system operating system including both object-oriented interfaces personalities while sharing as much code as possible. The and an object-oriented implementation operating system personalities were constructed out of a set of - which provided real time operation. user-level personality and personality-neutral servers and Since the technologies were modular, the project was libraries. While we made a number of important changes to structured as a set of related products so that customers could Mach 3.0, we maintained its fundamentals and the multi-server buy precisely the parts that they needed. The project as a design throughout our project. In evaluating the resulting system, whole was known as Workplace OS (WPOS) but was often a number ofproblems are apparent. There is no good way to referred to as the “microkemel-based” system because of the factor multiple existing systems into a set of functional servers central role played by the microkernel and because the without making them excessively large and complex.
    [Show full text]
  • Microkernels: Mach and L4
    Microkernels: Mach and L4 Presented by Jason Wu With content borrowed from Dan Williams (2009) and Hakim Weatherspoon (2008) Outline • Introduction to Kernels • 1st Generation Microkernels – Mach • 2nd Generation Microkernels – L4 • Conclusions Introduction to Kernels • Different Types of Kernel Designs – Monolithic kernel – Microkernel – Hybrid Kernel – Exokernel – Virtual Machines? Monolithic Kernels • All OS services operate in kernel space • Good performance • Disadvantages – Dependencies between system component – Complex & huge (millions(!) of lines of code) – Larger size makes it hard to maintain • E.g. Multics, Unix, BSD, Linux Microkernels • Minimalist approach – IPC, virtual memory, thread scheduling • Put the rest into user space – Device drivers, networking, file system, user interface • More stable with less services in kernel space • Disadvantages – Lots of system calls and context switches • E.g. Mach, L4, AmigaOS, Minix, K42 Monolithic Kernels VS Microkernels Hybrid Kernels • Combine the best of both worlds – Speed and simple design of a monolithic kernel – Modularity and stability of a microkernel • Still similar to a monolithic kernel – Disadvantages still apply here • E.g. Windows NT, NetWare, BeOS Exokernels • Follows end-to-end principle – Extremely minimal – Fewest hardware abstractions as possible – Just allocates physical resources to apps • Disadvantages – More work for application developers • E.g. Nemesis, ExOS • Next Thursday! The Microkernel Debate • How big should it be? • Big debate during the 1980’s Summary:
    [Show full text]
  • A Secure Computing Platform for Building Automation Using Microkernel-Based Operating Systems Xiaolong Wang University of South Florida, [email protected]
    University of South Florida Scholar Commons Graduate Theses and Dissertations Graduate School November 2018 A Secure Computing Platform for Building Automation Using Microkernel-based Operating Systems Xiaolong Wang University of South Florida, [email protected] Follow this and additional works at: https://scholarcommons.usf.edu/etd Part of the Computer Sciences Commons Scholar Commons Citation Wang, Xiaolong, "A Secure Computing Platform for Building Automation Using Microkernel-based Operating Systems" (2018). Graduate Theses and Dissertations. https://scholarcommons.usf.edu/etd/7589 This Dissertation is brought to you for free and open access by the Graduate School at Scholar Commons. It has been accepted for inclusion in Graduate Theses and Dissertations by an authorized administrator of Scholar Commons. For more information, please contact [email protected]. A Secure Computing Platform for Building Automation Using Microkernel-based Operating Systems by Xiaolong Wang A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science and Engineering Department of Computer Science and Engineering College of Engineering University of South Florida Major Professor: Xinming Ou, Ph.D. Jarred Ligatti, Ph.D. Srinivas Katkoori, Ph.D. Nasir Ghani, Ph.D. Siva Raj Rajagopalan, Ph.D. Date of Approval: October 26, 2018 Keywords: System Security, Embedded System, Internet of Things, Cyber-Physical Systems Copyright © 2018, Xiaolong Wang DEDICATION In loving memory of my father, to my beloved, Blanka, and my family. Thank you for your love and support. ACKNOWLEDGMENTS First and foremost, I would like to thank my advisor, Dr. Xinming Ou for his guidance, encouragement, and unreserved support throughout my PhD journey.
    [Show full text]